package com.example.security.filter;

import com.example.security.service.SysTokenService;
import com.example.core.utils.Result;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class JWTAuthenticationFilter extends BasicHttpAuthenticationFilter {

    private SysTokenService sysTokenService;

    /****
     * 该方法返回值表示是否跳过认证
     * @param request
     * @param response
     * @param mappedValue
     * @return 返回true表示放开权限控制，返回false表示不跳过权限.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return sysTokenService.verify(request, response);
    }


    /****
     * 登陆失败的处理办法.
     * @param request
     * @param response
     * @return
     * @throws Exception
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        Result.noLogin(response);
        return super.onAccessDenied(request, response);
    }


    public JWTAuthenticationFilter(SysTokenService sysTokenService) {
        this.sysTokenService = sysTokenService;
    }
}
